 <?php
include '../config.php';
function clean($str) {
  $str = @trim($str);
  if(get_magic_quotes_gpc()) {
    $str = stripslashes($str);
  }
  return mysql_real_escape_string($str);
}
$user = clean($_POST['username']);
$password =md5(clean($_POST['password']));
$query = mysql_query("SELECT * FROM admin WHERE name = '$user' AND password = '$password' ")
or die(mysql_error());
if(mysql_num_rows($query)>0)
{
  $row = mysql_fetch_array($query);
  session_start();
  $_SESSION['admin'] =$row['name'];
  header("Location: index.php");
}
else
{
  echo "Username or password was incorrect!";
} 
mysql_close($con);
?>